CVE-2022-21745
https://notcve.org/view.php?id=CVE-2022-21745
In WIFI Firmware, there is a possible memory corruption due to a use after free. This could lead to remote escalation of privilege, when devices are connecting to the attacker-controllable Wi-Fi hotspot, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468872; Issue ID: ALPS06468872. En WIFI Firmware, se presenta una posible corrupción de memoria debido a un uso de memoria previamente liberada. • https://corp.mediatek.com/product-security-bulletin/June-2022 • CWE-416: Use After Free •
CVE-2022-20104
https://notcve.org/view.php?id=CVE-2022-20104
In aee daemon, there is a possible information disclosure due to improper access control. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06284104. En aee daemon, se presenta una posible divulgación de información debido a un control de acceso inapropiado. • https://corp.mediatek.com/product-security-bulletin/May-2022 •
CVE-2022-20103
https://notcve.org/view.php?id=CVE-2022-20103
In aee daemon, there is a possible information disclosure due to symbolic link following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06282684. En aee daemon, se presenta una posible divulgación de información debido a un seguimiento de enlaces simbólicos. • https://corp.mediatek.com/product-security-bulletin/May-2022 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2022-20102
https://notcve.org/view.php?id=CVE-2022-20102
In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06296442; Issue ID: ALPS06296405. En aee daemon, se presenta una posible divulgación de información debido a una falta de comprobación de permisos. • https://corp.mediatek.com/product-security-bulletin/May-2022 • CWE-862: Missing Authorization •
CVE-2022-20101
https://notcve.org/view.php?id=CVE-2022-20101
In aee daemon, there is a possible information disclosure due to a path traversal. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06270870. En aee daemon, se presenta una posible divulgación de información debido a un salto de ruta. • https://corp.mediatek.com/product-security-bulletin/May-2022 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •